(57) Abstract

In a method and a device for partial encryption and progressive
transmission of images, a first section of the image file is
compressed at reduced quality without decryption, and a second
section of the image file is encrypted. Users having access to
appropriate decryption keywords can decrypt this second section.
The first section together with the decrypted second section can
then [...] as a full quality image. The storage space required
for storing the first and second section together is essentially
the same as the storage space required for storing the
unencrypted full quality image. By using the method and device as
described herein storage and bandwidth requirements for partially
encrypted images is reduced. Furthermore, object based
composition and processing of encrypted objects [...] and
restored in the compressed domain.
A METHOD AND A DEVICE FOR ENCRYPTION OF IMAGES

TECHNICAL FIELD

The present invention relates to a method and a device for
encrypting images.

BACKGROUND OF THE INVENTION AND PRIOR ART 

Encryption of digital data is a technical field which becomes
important when transmitting and storing secret information or
information which only shall be available to a user paying for
the information. Thus, several methods for encrypting digital
data are in frequent use. Such methods can also be applied
to digital image data. Examples of encryption methods are DES,
triple DES and the public-key RSA method.

Digital images can be stored on servers and distributed over a
telecommunication network as digital image data. [...] be
distributed using a physical storage [...] service providers
need to establish access control that suits their business model.
In this context it might be suitable to offer partial access to
one set of users and full access to another set of users. Thus,
some of the image data must be encrypted in order to prevent all
users from having full access to all image data.

News photographs can [...] offered for sale on the Internet.
The service provider wants to [...] to download a version of the
image with reduced [...] evaluation. Journals, that want to
publish an image, pay for the [...] then allowed to download a
full quality image.

However, such a service provider wants to minimize storage space
[...] alternatively [...] away or sold for a low price [...] can
view the images at a reduced quality, but they must pay for
viewing them at full quality. In the case the image provider
wants to [...] space on the CD-ROM as efficiently as possible.

SUBSTITUTE SHEET (RULE 26)
It is also essential that customers always can access images
using user friendly, standardised software. Image providers are
reluctant to design and support special image viewers and
customers don't want a proliferation of viewing tools.

Presently, image providers have to store two versions of the
images stored. The full quality version is stored as an
encrypted image file. This means that the image first is
compressed and stored in a compressed file format such as JPEG
or GIF. The compressed file is then encrypted using a suitable
encryption tool and an encrypted image file is stored. The user
must first decrypt this file and then access the resulting
compressed image file using an image viewing tool. Reduced
quality images are produced by processing the full quality
images in an image editing program. They are stored as separate
compressed image files.

The problems with this solution are that at least [...]
versions of the same image need to be stored, and that both
versions must also be transmitted over the network in [...]
access in the case a customer first wants to see the free
low resolution image before paying for the full resolution
version.

This results in a significant disadvantage if the reduced
version image contains a [...] information. Images that are
offered for [...] would in particular be provided for [...]
since journal editors want to have [...] understanding of the
image content and accepts only [...] printing. The reduced
quality image could require [...] of the storage space of the
full quality image.

[...] techniques. They include, in particular, [...] wide range
of progressive image formats. Each [...] can select a suitable
progression mode. Individual objects within images can be
accessed separately in the JPEG 2000 bitstream and progressive
transmission can be applied also to objects. In JPEG 2000 there
is also support for independently decodable coding units.

SUMMARY 

It is an object of the present invention to overcome the
problems as outlined above and in particular to reduce the
amount of memory required for storing an image, which partially
shall be possible to view, and also to reduce transmission time
in a transmission scheme transmitting partially encrypted
images.

This object and others are obtained by a technique for partial
encryption and progressive transmission of images where a first
section of the image file can be decompressed at reduced quality
without decryption, i.e. the first low quality image is not
encrypted, and where a second section of the image file is
encrypted.

[...] access to [...] this second section. The first section
[...]

The storage space required for storing the first and second
section together is essentially the same as the storage space
required for storing the unencrypted full quality image. The
encryption of the second section may, depending on the
encryption method, imply a slight expansion of the [...]
compared to the unencrypted second section.

The image can also be partitioned into multiple sections where
[...] individual encryption [...] may be stored unencrypted.
A requirement of the method and device as described herein is
that the compressed images consist of a set of independently
decodable coding units. [...] possible to perform encryption
operations in the compressed domain without performing entropy
decoding.

A reduced quality image can be produced according to several
different main schemes, such as:

1) Reduced resolution

2) Reduced accuracy of the transform coefficients.

3) Exclusion of predefined regions of interest (ROI)

These methods can be combined so that a reduced quality image is
e.g. produced by reducing both the resolution and the accuracy
of the transform coefficients.

By using the method and device for storing and transmitting
image data as described herein, several advantages are obtained.
Thus, there is no need to store two different versions of an
image if different users are to have access to different quality
of the one and same image. Also, transmission times become much
lower if the information content of the first, low resolution,
image data can be reused when transmitting the higher resolution
image data.

BRIEF DESCRIPTION OF THE DRAWINGS 

The present invention will now be described in more detail
with reference to the accompanying drawings, in which:

- Fig. 1 is a general view of the file structure of an image.
- Figs. 2a and 2b show encryption of images coded according to
the JPEG 2000 standard.
- Fig. 3 is a flow chart illustrating some steps carried out
when encrypting an image.
- Fig. 4 is a diagram illustrating a client server process.
- Fig. 5 is a view of an encryption header.

DESCRIPTION [...]

In Fig. 1, [...] the image data file [...] high resolution,
[...] independently decodable coding [...] consists of [...]
sections. [...] file structure shown in Fig. 1, the section
101, which [...] low resolution version of a high resolution
image, is coded without encryption and [...] therefore be
possible to decode by any receiver.
The section 103, which comprises data, which combined with the
data of section 101, result in a medium resolution version of
the high resolution image, is encrypted using a first encryption
method, and only receivers having access to the correct
encryption key will be able to decode the data stored in the
section 103.

The section 105, which comprises data, which combined with the
data of section 101 and 103 results in a full resolution version
of the high resolution image, is encrypted using a second
encryption method, and only receivers having access to the
encryption key will be able to decode the data stored in the
section 105.

Thus decoding of the section 101 will result in a low
resolution image version 107. Decryption [...] section 103
will, combined with the image data from the section 101, result
in a medium resolution image 111. Decryption 113 [...] of the
section 105 will, combined with the image data from the
sections 101 and 103, result in a full resolution image 115.

Furthermore, implementation [...] Model version 2.0. [...]
2000 bitstream can be inserted in [...] bitstream so that a wide
range of progressive modes can be supported.

[...] a coding unit is a part of the bitstream [...] of a given
subband. [...] described as any independently [...] information.
The general mechanism for specifying [...] order is to include
so called tags that specify the next coding unit (it is
sufficient to specify the subband [...] bitplane order is
known). Several specific modes [...] that defines a default
coding unit order, thus saving [...] that are needed for
inserting explicit tags.
In Figs. 2a and 2b block diagrams describing how encryption can
be implemented in the JPEG 2000 encoder and decoder
respectively, are shown.

Thus, in Fig. 2a a block diagram where encryption is performed
after entropy coding in the encoder is shown. Coding units enter
an entropy coding block 201. In the block 201 the coding
units are entropy coded using some suitable entropy code. The
output from the block 201 is fed to a selector which selects a
suitable encryption method for each entropy coded coding unit.
Some coding units can be selected to not be encrypted at all.

In response to the selection made in the selector 203 the
entropy coded coding units are encrypted in a block 205. The
encrypted coding units together with the not encrypted coding
units then form a combined output data stream, which can be
stored or transmitted.

[...] which selects [...] coded coding unit, or if the received
coding unit is not encrypted it is directly transmitted to a
block 255.

In response to the selection made in the selector 255 the
entropy coded coding units are decrypted in a [...] suitable
decryption algorithm. The decrypted coding units are then fed
to the block 255 [...] fed directly from the selector 251 [...]
decryption block 253 are entropy [...] output data stream
corresponding to the data stream which is fed to the entropy
coding block 201 in Fig. 2a.

Each coding unit in the transmission scheme as shown in the
Figs. 2a and 2b is handled as an independently encrypted block.
[...] coding unit can [...] separately with any user [...]
encryption method used can further be an encryption algorithm
combined with a keyword or a method for generating keywords.

Different encryption methods can in such an embodiment have
identical algorithms but different keywords. Encryption Method
Description (EMD) as shown in Figs. 2a and 2b is any global data
such as session keywords or algorithm identifiers [...]
to specify the Encryption Method. Unit Encryption State (UES) is
a symbol that for each coding unit defines how it is encrypted.

In Fig. 3, a flow chart illustrating different steps carried out
when encrypting an image is shown. First, in a step 301, an
image to be partially encrypted is received. The image received
in step 301 is then coded using a coding algorithm generating
independently decodable coding units, e.g. JPEG 2000, in a step
303.

Next, in a step 305, some of the coding units of the image coded
in step 303 are encrypted using some suitable encryption method,
[...] The coding units that are chosen to be encrypted [...]
in accordance with user [...] encrypted coding units [...]
coding units which are not encrypted are merged into a
single bit stream.

In Fig. 4, a flow chart illustrating a client-server process,
when transmitting [...] according to the method as described in
[...] Thus, a client 401 is connected to a server [...] client
401 can then issue a request towards the server 403 for a
particular image, step 405.

The server 403 replies by transmitting the coding units of the
image which are not encrypted, step [...] encrypted coding units
can be decoded by [...] to a low [...] wish to have access to
[...] resolution or the full image. If so the client transmits a
request to the server requesting such information, step 409.

The server replies by sending a request to the client requesting
the client to agree to the conditions for transmitting the
higher resolution version of the image, step 411. If the client
agrees via a message 413, e.g. comprising a card number or
account number from which to bill the cost for the image, the
server sends the encrypted coding units together with a key word
by means of which the encrypted coding units can be decrypted,
step 415. A secure method for key distribution should be used.
Examples of such secure methods are described in W. Stallings,
"Data and Computer Communications", p. 635-637, Prentice-Hall
1997, fifth edition, ISBN 0-13-571274-2.

If the client already has access to the unencrypted and
encrypted coding units, for example if he has purchased a CD-ROM
with images coded as described herein, the scheme as described
in conjunction can be modified so that no image data is
transmitted. Instead the client only agrees to conditions set by
the server in order to have access to the key word(s) which are
required to decrypt the encrypted coding units of the CD-ROM.

In the case when the method and device as described herein is
used while encoding image according to the JPEG 2000 standard,
[...] advantageous if the [...] encryption methods. An
Encryption Header that [...] image header or optionally an
Encryption Tag that [...] the JPEG 2000 Tags can instead be used
to specify how coding units are decrypted.

[...] should then [...] appended to the JPEG 2000 image header
and encryption information can optionally be merged into JPEG
2000 Tags.

In Fig. 5 an encryption header is shown. [...] can in such an
embodiment contain the following symbols.
1) Encryption Mode (EM). A set of standard encryption modes are
defined e.g.

a) One encryption method is used for all coding units

b) Bitplanes of less significance than bitplane X are encrypted

c) Subbands of higher resolution than Y are encrypted

d) ROIs specified in are encrypted, etc.

No encryption information need to be included in the Tags if an
EM is defined.

2) Encryption Mode Parameters (EMP). Parameters (X, Y, ...) that
are used to define the Encryption Mode are set here.

3) Number of encryption methods used. Several encryption methods
can be used within the same image if e.g. different user groups
should be allowed to see different image content.

4) One Encryption Method Descriptor (EMD) for each encryption
method. The EMD defines any data that is needed by the
encryption/decryption module. The type of encryption algorithm
is defined. A typical use of EMD will be to include a keyword
[...] algorithm. The user supplies a [...] encryption method.
This [...] is used in UES symbols.

5) The bitstream must for each coding unit [...] encrypted and
if so by what method. This is done by setting [...] Unit
Encryption State (UES) symbol per coding unit. [...] could
either be collected in the [...] alternatively be distributed in
[...] tags. If the UES information is kept [...] we define a
header element - Encryption State [...] a series of UES symbols
that are listed in the same [...] coding units appears in the
bit stream.

If EF is set and the Encryption State is not given in the
header, JPEG 2000 Tags can be expanded to contain Unit
Encryption State (UES) symbols. UES defines which encryption
method, if any, that is used for encrypting the next coding
unit.
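
The header-carried Encryption State and the merged bitstream
described above can be exercised with a small model. The
following is an added example, not code from the patent: the byte
layout (unit count, one byte per UES symbol, length-prefixed
units), the HMAC-SHA256 keystream standing in for a real cipher,
and the sample units and keywords are assumptions made for
illustration.

```python
import hashlib
import hmac
import struct

UES_CLEAR = 0  # assumed encoding: UES symbol 0 means "not encrypted"


def _keystream_xor(key: bytes, unit_index: int, data: bytes) -> bytes:
    """Stand-in stream cipher (HMAC-SHA256 in counter mode), not the patent's.

    The unit index is mixed into every block so that units inside one
    stream never share keystream under the same keyword.
    """
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, struct.pack(">II", unit_index, off // 32),
                       hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def encode(units, ues, keys) -> bytes:
    """Merge clear and encrypted coding units into one combined bitstream."""
    if len(units) != len(ues):
        raise ValueError("one UES symbol per coding unit is required")
    body = bytearray()
    for i, (unit, method) in enumerate(zip(units, ues)):
        payload = unit if method == UES_CLEAR else _keystream_xor(keys[method], i, unit)
        body += struct.pack(">I", len(payload)) + payload
    # Header: unit count, then the Encryption State as one UES byte per unit,
    # listed in the same order as the units appear in the stream.
    return struct.pack(">H", len(units)) + bytes(ues) + bytes(body)


def decode(stream: bytes, keys) -> dict:
    """Return {unit_index: plaintext} for every unit this receiver can decode."""
    (count,) = struct.unpack_from(">H", stream, 0)
    ues = stream[2:2 + count]
    if len(ues) != count:
        raise ValueError("truncated Encryption State")
    pos, out = 2 + count, {}
    for i, method in enumerate(ues):
        if pos + 4 > len(stream):
            raise ValueError("truncated unit length")
        (size,) = struct.unpack_from(">I", stream, pos)
        pos += 4
        payload = stream[pos:pos + size]
        if len(payload) != size:
            raise ValueError("truncated coding unit")
        pos += size
        if method == UES_CLEAR:
            out[i] = payload
        elif method in keys:
            out[i] = _keystream_xor(keys[method], i, payload)
        # Otherwise skip: the receiver lacks the keyword for this method.
    return out


# Constructed sample: three coding units mirroring sections 101, 103, 105.
UNITS = [b"low-res subband", b"medium-res refinement", b"full-res refinement"]
UES = [0, 1, 2]
KEYS = {1: b"keyword-for-method-1", 2: b"keyword-for-method-2"}
STREAM = encode(UNITS, UES, KEYS)
```

A wrong keyword yields garbage rather than an error, because the
layout modelled here carries no integrity check; authenticated
encryption per coding unit would close that gap.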

The transform coefficients belonging to a ROI can be handled as
described above. They can be completely or partially encrypted
by selecting appropriate coding units belonging to the ROI for
encryption.

The main problem is that the shape of the ROI might [...]
content. If the shapes are encrypted it is, however, difficult
to show a reduced quality image since it is difficult to
interpret the coded transform coefficients.

This problem can be solved by defining a so called cloaking
shape (c-shape). Thus, the real shape of one or [...]
completely enclosed in the c-shape. The c-shape is designed to
not reveal sensitive image content. A simple example of a
c-shape is a bounding box.

[...] version 2.0. According to the technique [...] this would
result in that the shape is defined in the header.

A mask is created [...] coefficients belonging to the c-shape
[...] using the method as described [...] coefficients belonging
to any [...] shielded by the c-shape are encrypted. The texture
[...] is thus protected by encryption.

The shape of the ROIs are [...] The encryption header contains
[...] that links encrypted ROI shape [...] with the
corresponding c-shape.
The decoder can now decode the unencrypted background. The
c-shape can be displayed as a blank region. The original ROIs can
be decoded if the keyword is known. This is done by decrypting
the coefficients belonging to the c-shape. The shape of each ROI
belonging to the c-shape is also decrypted. The bitstream can
now be rearranged so that the c-shape is dropped and the
original ROI data structures are restored. Note that this is
done in the compressed domain.

The mask that is used for encoding a ROI is not [...]
in JPEG 2000. A mask that is sufficiently large so that the ROI
is encoded lossless will often cover the whole lower subbands. A
mask that is not allowed to expand will lead to a lossy encoding
of the ROI. The masks belonging to different ROIs or to a ROI
and the background can be designed to overlap. This means that
some coefficients are encoded in more than one [...]
overlap will lead to a reduced overall compression but the ROIs
are more independent so that any ROI can be accessed and decoded
with a good visual result.

The partial encryption method for ROIs described [...] of the
choice of mask as long as the mask is selected so that the [...]
reconstructed from the content of any other ROI or [...]
background. A method for building a mask that hides the content
of the ROI is [...] in Charilaos Christopoulos (ed.), JPEG 2000
Verification Model ver[...]

[...] the method [...] bandwidth [...] reduced. Furthermore,
[...] and processing of [...] encrypted. [...] encrypted and the
original [...] decrypted and restored in the compressed domain.

Another advantage is that [...] performed at the same time [...]
since [...] an image without [...] encryption can [...] case,
transmitting the image by a parser (transcod[...] if the
encryption increases the bitrate, which will be the case if the
encryption is placed in the TAGS, the increase in bitrate is
avoided and the encryption information is only added before
transmitting it.






WO 00/31964        PCT/SE99/02106



CLAIMS 



1. A method of partially encrypting image data comprising the
steps of:

- coding the image data using an encoding algorithm generating
independently decodable coding units,

- encrypting at least one of the coding units, and

- merging coding units which are not encrypted with coding units
which are encrypted into a combined bitstream.

2. A method according to claim 1, characterized in that the not
encrypted coding units correspond to a low resolution version of
the image data.

3. A method according to any of claims 1-2, characterised in
that different coding units are encrypted using different coding
methods.

4. A method according to any of claims 1-3, characterised in
that an encryption flag, which indicates if a coding unit is
encrypted, is inserted in the bit stream.

5. A method according to any of claims 1 - 4, when information
corresponding to a Region of interest is [...],
characterized in that the shape of the region of interest is
enclosed in a cloaking shape.

6. A device for partial encryption of image data characterized
by

- means for coding the image data according to an encoding
algorithm generating independently decodable coding units,

- means connected to the coding means for encrypting at least
one of the coding units, and

- means for merging coding units which are not encrypted with
coding units which are encrypted, as a combined bitstream.

7. A device according to claim 6, characterized by means for
selecting the not encrypted coding units as units corresponding
to a low resolution version of the image data.
8. A device according to any of claims 6-7, characterized by
means for encrypting different coding units using different
coding methods.

9. A device according to any of claims 6-8, characterised by
means for inserting an encryption flag, which indicates if a
coding unit is encrypted, in the bit stream.

10. A device according to any of claims 6 - 9, characterized by
means for enclosing a region of interest shape in a cloaking
shape.